Performing CyberOps Using Cisco Security Technologies

Although there are no mandatory prerequisites, to fully benefit from this course, you should have the following knowledge:

• Familiarity with UNIX/Linux shells (bash, csh) and shell commands
• Familiarity with the Splunk search and navigation functions
• Basic understanding of scripting using one or more of Python, JavaScript, PHP or similar.

Recommended Cisco offering that may help you prepare for this course:

• Implementing and Administering Cisco Solutions (CCNA)
• Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

After taking this course, you should be able to:

• Describe the types of service coverage within a SOC and operational responsibilities associated with each.
• Compare security operations considerations of cloud platforms.
• Describe the general methodologies of SOC platforms development, management, and automation.
• Explain asset segmentation, segregation, network segmentation, micro-segmentation, and approaches to each, as part of asset controls and protections.
• Describe Zero Trust and associated approaches, as part of asset controls and protections.
• Perform incident investigations using Security Information and Event Management (SIEM) and/or security orchestration and automation (SOAR) in the SOC.
• Use different types of core security technology platforms for security monitoring, investigation, and response.
• Describe the DevOps and SecDevOps processes.
• Explain the common data formats, for example, JavaScript Object Notation (JSON), HTML, XML, Comma-Separated Values (CSV).
• Describe API authentication mechanisms.
• Analyze the approach and strategies of threat detection, during monitoring, investigation, and response.
• Determine known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs).
• Interpret the sequence of events during an attack based on analysis of traffic patterns.
• Describe the different security tools and their limitations for network analysis (for example, packet capture tools, traffic analysis tools, network log analysis tools).
• Analyze anomalous user and entity behavior (UEBA).
• Perform proactive threat hunting following best practices.

How you'll benefit

This course will help you:

• Gain an advanced understanding of the tasks involved for senior-level roles in a security operations center
• Configure common tools and platforms used by security operation teams via practical application
• Prepare you to respond like a hacker in real-life attack scenarios and submit recommendations to senior management
• Prepare for the 350-201 CBRCOR core exam
• Earn 40 CE credits toward recertification

• Understanding Risk Management and SOC Operations
• Understanding Analytical Processes and Playbooks
• Investigating Packet Captures, Logs, and Traffic Analysis
• Investigating Endpoint and Appliance Logs
• Understanding Cloud Service Model Security Responsibilities
• Understanding Enterprise Environment Assets
• Implementing Threat Tuning
• Threat Research and Threat Intelligence Practices
• Understanding APIs
• Understanding SOC Development and Deployment Models
• Performing Security Analytics and Reports in a SOC
• Malware Forensics Basics
• Threat Hunting Basics
• Performing Incident Investigation and Response